My Visit to SCO

The full story of what one person who signed SCO's NDA encountered on his trip to Lindon, Utah.

This essay describes my visit to SCO on
June 17, 2003, to discuss SCO's claim that Linux infringes on its
intellectual property rights. I visited the SCO office in Lindon,
Utah, for about one hour. I spoke with Chris Sontag, Senior Vice
President, Operating Systems Division, and with Blake Stowell,
Director of Public Relations. In order to speak with them, I signed
a non-disclosure agreement.

The short version of this essay is SCO's claims are unproven,
as I expected would be the case before I went. The amount of
information SCO was willing to show me was extremely limited, and
it did not by itself prove that SCO's claims were true nor that its
claims were false.

Background

I won't give the full background here, as it is well covered
elsewhere, such as on
Karsten
Self's page. The short version, as of June 17, 2003, is SCO
has sued IBM, alleging that IBM took work that was the intellectual
property of SCO and incorporated it into Linux (when I say "Linux"
in this essay, I mean specifically the Linux kernel, not a complete
distribution). SCO is the current owner of Unix, which originally
was developed by AT&T. SCO, which used to be named Caldera,
purchased the rights to Unix from a different company named SCO,
which has since changed its name to Tarantella. Along with Unix,
SCO purchased a number of contractual agreements, including one
with IBM. SCO is alleging that IBM has violated that
contract.

SCO also sent a letter to some 1,500 commercial users of
Linux distributions, warning them that Linux may be an unauthorized
derivative of code owned by SCO. That is, SCO alleges that Linux
actually to some extent is owned by SCO and may not be distributed
under the GPL. The letter further claims that users of Linux may
have legal liability because of this.

SCO said it would provide evidence that Linux is a derivative
of Unix to independent analysts. With the help of Don Marti, Editor
in Chief of Linux Journal, I contacted SCO and
offered to be one of those analysts. SCO agreed, subject to my
signing the NDA and traveling to its headquarters in Lindon,
Utah.

SCO's legal case is complicated by the fact that when SCO was
named Caldera it was itself a Linux distributor, and it may have
distributed, under the GPL, the code which it now claims to own. It
also complicated by allegations that SCO has incorporated Linux
code under the GPL into UnixWare. These issues may indeed cause
SCO's legal case to founder, but not in the way I would prefer it
to founder.

Why Did I Go?

I took the trouble to visit SCO because I care about what
happens to free software in general and Linux in particular. The
SCO claims have put a cloud over Linux. I have heard speculation
from business acquaintances that the free versions of Linux will be
shunned by corporate IT users, who will be unwilling to take the
legal risk of using it. I don't think that would be good for Linux
or for free software.

I remember the AT&T case against BSDI and the University
of California, which arguably stalled BSD development for a few
years. Indeed, it arguably was the root cause of Linux's
popularity, because Linux development was not stalled. SCO's case
against IBM is in some ways a reprisal of the AT&T case, and I
fear that it has a similar potential to stall Linux
development.

SCO was willing to speak only with people who signed a
Draconian non-disclosure agreement (NDA), one which essentially
permitted SCO to declare any information it provided to be
confidential, regardless of whether the signer already knew it, and
which offered no circumstances under which that information could
be revealed. Most Linux developers are unable to sign such an NDA,
as it easily could prevent them from ever again working on the
kernel. Similarly, employees of any company that works with Linux
cannot sign such an NDA.

I have never contributed to the Linux kernel myself. However,
I have worked with free software for over 10 years, including
acting as a maintainer for projects owned by the Free Software
Foundation. I have plenty of personal knowledge of how free
software development works. I currently am not employed by anybody,
but simply working as a contractor on work not related to
Linux.

Thus, I felt going in that I was in a good position to sign
the NDA and to analyze the information that SCO presented to me.
While SCO easily could have made it impossible for me to contribute
to the Linux kernel, it had no reason to do so. In any case, I had
no particular plans to do any kernel work.

Before going to meet SCO, I asked three times if it would be
willing to change the NDA. I suggested that SCO should change the
NDA to permit the disclosure of information when legally required
by a court and to permit the disclosure of information when SCO
specifically agrees to it. I also suggested the NDA should be
changed so that information I already knew before meeting could not
be treated confidential. The only response I received was SCO
forwarded my suggestions to its counsel.

As I was reading it occurred to me that all this legal wrangling is going on in US court. I wonder if this is an opening for other countries to continue promote Open Source software more effectively than the US. It would seem to me that if US companies had to pay 300, 1000, whatever for each software product, and the rest of the world could get it for free to use in there locale, the US would be at a severe cost disadvantage.

Use the world's best and cheapest software, host it in Russia or Belize (wherever), might really tip the scales. Already I can see that shrink wrapped software sales is under pressure, grid computing and the internet could make remotely hosted software systems very attractive.

I don't know all the legal aspects, but I do knows that developing countries will be looking for competitive advantages. As IP becomes the strong market commodity in the future, it seems to me that countries that have the best terms will succeed in capturing market share. Isn't that how the US became an industrial powerhouse? Wasn't US law more entrepreneurial than England, where the industrial revolution began?

Doesn't the fact that there are jokes within the source code's comments suggest they were written by hippies and bums (Open Source programmers) rather than corporate developers (SCO or AT&T)? I just can't help thinking that these codes were indeed copied from Linux to SCO's stuff, not the other way around as SCO suggests.

I just heard SCO is started to send bills to those it sent the original letter. I recommend that anyone that receives a letter asking for payment to file a complaint with the ftc at http://www.ftc.gov.

The CEO of SCO is an SOB. The only winner in this copyright/patent dispute is, as usual, Microsoft. Bill Gates and his cohorts are jumping up and down with glee at seeing the rest of the software industry attacking and destroying each other. Consequently, I will be buying Microsoft stock.

[SCO] said that until the parties go to court, it doesn't want the Linux community to remove the code in question.

Now that is an interesting. If SCO is making charges that there is Unix code in Linux, why does it not want to help the Linux community identify these violations and have said code removed/replaced in an expedient manner?

If I have a copyrighted file and cuts out a piece of it (without copyright header) and send it to some newsgroup to ask a question about some problem I have with this piece of code, is then that code copyrighted or not?

If it is not, it would mean that every member of that newsgroup could do a cut and paste and have the identical code in their project even though that code was originally copyrighted.

I have no idea if this applies to the current issue but I am curious how the copyright laws works.

Very Intresting article, this does amount to a lot of debate, what happen when the boot is on the other foot for SCO, whate happens if the code originally came from the linux community. Makes you think doe it not. Sco is going bad, uses this example code which it obtained from the linux community, has a large bank balance and thinks lets give IBM a shake up and score some more money..

In general, the issue is where the boundary lies between derivative works and independent works. All programs run on Unix use a Unix API; do they therefore become derivative works? Presumably not. However, when writing a program that runs on Unix, I might look at Unix source code if I have access to it; does that make my program a derivative work? It seems, from SCO's comments, that it might claim this is so.

It sounds like the logical conclusion to this argument is that any attempt at compatibility with other software implies derivation. It'll be a scary day for the software industry if that holds up in court...the only way your app can be unencumbered is if you write your own custom OS to run it under, and use your own explicitly incompatible interfaces and file formats. OTOH, maybe I should see if I can find out who first implemented ASCII and buy the implied copyrights to it on the cheap before they catch on...

Since SCO has nothing to loose given they were/are likely to go bankrupt anyway, I wonder if they are simply setting themselves up as a sinking-ship legal test case for a number of uncertainties in software law. They are touching on the limits of copyright licenses, what is a derivative work, software patents, trade secrets, damages for making knowledge public, enforceability of clauses of the GPL (given Caldera distributed Linux, who gets damages for their illegal distribution given they now claim proprietary rights against GPL'd code), and so-on.

While SCO/Caldera can no longer be taken seriously as a software company, I do believe we should all be taking the legal and public policy implications of this case very seriously. This case may cause many unanswered questions to get answered, and if we are not proactive they may not be answered in what we would consider a reasonable/logical way.

What I am asking is that people become more active in the legal and policy questions that these cases are bringing forward. Don't underestimate the lack of knowledge that courts and policy makers have about Free Software and all the positive implications of what we are doing! We have something very important we are protecting, and should take every avenue we have available to us to protect it.

Reminds me of a lawsuit many many decades ago in Europe, where a very popular artist painted on the table cloth. The restaurant owner claimed the piece because it was painted on his property, yet the court decided that the artwork as such was property of the artist and that the artist had to pay the restaurant owner only for the table cloth it was painted on (probably cents in comparison to the 1000 of $s which the painting was worth).

It would be very interesting if Linux source-code from Caldera bought by SCO was put into SCO's products. If this would be the case the GPL demands to reveal all the SCO sources which include little pieces or bigger parts of these linux-sources.

Maybe a sue from the open source community would be more justifiable then the other way round.

First, many thanks to IanLanceTaylor for taking the trouble to listen at SCO's nonsense and writting this clearifying article to the benefit of the Linux comunity.
Now, let's not miss the central issue as it affects Linux users and vendors anyway. Any US court will be compeled to distinguish between property rights and licencing rights. Even if any component of AIX is indeed derivative work (BTW, a big IF), it would only affect the licencing contract between IBM and ATT (now SCO), and not the fact that the new AIX components indeed belong to IBM. All SCO can try is to get a penalty from IBM for violation of the licencing agreement. As all these new AIX components, whether derivative or not, still belongs entirely to IBM, the Linux-GPL licencing by IBM cannot be revoked, nullified or terminated by SCO. Linux users and vendors may well alege that the code they are using belongs to IBM and is released under GPL by it's owner (IBM). Therefore they are not in violation of any SCO IP, and the licencing issues relating to the original System V is to be dealt out with IBM, not with the Linux users or vendors.
Even as SCO tries to teminate IBM-ATT's original licencing contract, the code written by IBM for AIX still belongs to IBM, not to SCO. Therefore SCO still has no right to ask for fees to Linux vendors or users.
On the other hand, as SCO might expect a penalty from IBM, they might as well expect further IP violation thunderstorms from IBM. It is my speculation that it'll all turn out to be a "get rich quick and leave for good" move by SCO's shareholding management.

First, many thanks to IanLanceTaylor for taking the trouble to listen at SCO's nonsense in the benefit of the Linux comunity.
Now, let's not miss the central issue as it affects Linux users and vendors anyway. Any US court will be compeled to distinguish between property rights and licencing rights. Even if any component of AIX is indeed derivative work (BTW, a big IF), it would only affect the licencing contract between IBM and ATT (now SCO), and not the fact that the new AIX components indeed belong to IBM. All SCO can try is to get a penalty from IBM for violation of the licencing agreement. As all these new AIX components, whether derivative or not, still belongs entirely to IBM, the Linux-GPL licencing by IBM cannot be revoked, nullified or terminated by SCO. Linux users and vendors may well alege that the code they are using belongs to IBM and is released under GPL by it's owner (IBM). Therefore they are not in violation of any SCO IP, and the licencing issues relating to the original System V is to be dealt out with IBM, not with the Linux users or vendors.
Even as SCO tries to teminate IBM-ATT's original licencing contract, the code written by IBM for AIX still belongs to IBM, not to SCO. Therefore SCO still has no right to ask for fees to Linux vendors or users.
On the other hand, as SCO might expect a penalty from IBM, they might as well expect further IP violation thunderstorms from IBM. It is my speculation that it'll all turn out to be a "get rich quick and leave for good" move by SCO's shareholding management.

A derivative work is any material created by modifying or incorporating any previous work. FreeBSD 5.1 is a derivative work of FreeBSD 5.0 and FreeBSD 2.0 is a derivative work of one of the BSD releases.

Likewise, the JFS code makes Linux a derivative work of OS/2, for example.

This is all basic copyright law that has been well-understood since the early days of U.S. intellectual properties law. It's not in dispute.

SCO is making a number of claims. Apparently, according to SCO, IBM was contractually required to keep technologies developed for its UNIX-derived works secret. Thus JFS is tainted by the contract, not copyright law. Even rewriting the code from scratch for OS/2 wouldn't solve that problem, but it's not the code that IBM's UNIX license places the restrictions on.

The way I see it, our best-case scenario is that SCO'll turn up a few insignificant cases of copyright infringement in the form of small blocks of code that'll need to be rewritten for Linux. People make slip-ups like that, and Linux developers probably haven't maintained 100% perfection throughout the history of the OS.

The worst case scenario is that SCO will win on the contractual issues and there'll be an injunction against the use of certain IBM inventions outside of UNIX.

Losing directly on the trade secret issues (without losing on the contractual issue) wouldn't be as bad, since IBM would end up paying a financial judgement to SCO, and SCO would lose its trade secrets. Once a trade secret is disclosed, it ceases to exist even if you successfully sue the people that released the information.

Sorry but you are wrong. Your BSD example is correct with regards to derivative works. However, with regards to JFS, since it's not BASED on an existing SVR5 file system, it is an INNOVATION, and not a DERIVATION. The derivation concept does not apply. If JFS 1.0 was present in SVR5 as LogFS, IBM took that code, rewrote and improved it, then JFS would be a derivative of SVR5. Have you looked back at what was in the original AT&T SVR5? There's nothing like JFS, RCU, or NUMA even remotely attempted in there.

There needs to be a bit morelight shed on SCO's financial position. I have heard comments that SCO is financially in the dumpers and heading for bankruptcy when the suit idea surfaced. MS got the idea that SCO was a good proxy warrior against Linux, and popped for the money to let SCO continue. Now, unless SCO prevails and wins a bundle in damages from someone who will actually pay up, it's on to bankruptcy again.

A desperate move by desperate people, supported by a sideline sitter with a most vested interest.

A lawyer told me once "delay" was a powerful legal weapon. Here's a much more satisfying projection: why not wait SCO out. Theoretically the small corp has the same rights as IBM, but just like an OJ trial - money talks. And buys you time. IBM (and RedHat) could probably delay the proceedings until SCO's cash runs out for much less money than it would cost to buy the company.

>IBM (and RedHat) could probably delay the proceedings
>until SCO's cash runs out for much less money than
> it would cost to buy the company.

That's right, but _some_ companies can invest some amounts of money in SCO, say, as licensing fees. As they did, in fact. As SCO does not develop anything now, it can fire all its personel, except CEO, PR and lawyers and thus minimize its outcomes. It could take a lOOOOng to wait for SCO's bankruptcy.

It would seem to me that a reasonable interpretation of SCO's derivative works policy indicates that all of the code ever written is derivative of that which came before it. Eventually, you would get to the point of INTEL, MOTOROLA, TI, NATIONAL SEMICONDUCTOR, and perhaps a couple of others who own the microcode for their processors and PLAs, having a claim to everything written. It is pretty ludicrous but then, so is SCOs assertion. (If we are accurate in assuming that they are claiming that linking to a API constitutes a derivative work)

If I owned any SCO stock, now would be a great time to divest. The counter suits of which you spoke would seem to be a very likely outcome. I suspect that in five years, there will be only a memory of an entity known as SCO.

The first thing that I feel IBM needs to do is ask The SCO Group, "Prove you own the Unix copyrights".

Novell states they did not transfer Unix copyrights over when the code was bought. Here is an excerpt of Novell's statement:

Importantly, and contrary to SCO's assertions, SCO is not the owner of the UNIX copyrights. Not only would a quick check of U.S. Copyright Office records reveal this fact, but a review of the asset transfer agreement between Novell and SCO confirms it. To Novell's knowledge, the 1995 agreement governing SCO's purchase of UNIX from Novell does not convey to SCO the associated copyrights. We believe it unlikely that SCO can demonstrate that it has any ownership interest whatsoever in those copyrights. Apparently, you share this view, since over the last few months you have repeatedly asked Novell to transfer the copyrights to SCO, requests that Novell has rejected. Finally, we find it telling that SCO failed to assert a claim for copyright or patent infringement against IBM.

The first thing that I feel IBM needs to do is ask The SCO Group, "Prove you own the Unix copyrights".

Novell states they did not transfer Unix copyrights over when the code was bought. Here is an excerpt of Novell's statement:

Importantly, and contrary to SCO's assertions, SCO is not the owner of the UNIX copyrights. Not only would a quick check of U.S. Copyright Office records reveal this fact, but a review of the asset transfer agreement between Novell and SCO confirms it. To Novell's knowledge, the 1995 agreement governing SCO's purchase of UNIX from Novell does not convey to SCO the associated copyrights. We believe it unlikely that SCO can demonstrate that it has any ownership interest whatsoever in those copyrights. Apparently, you share this view, since over the last few months you have repeatedly asked Novell to transfer the copyrights to SCO, requests that Novell has rejected. Finally, we find it telling that SCO failed to assert a claim for copyright or patent infringement against IBM.

Is it possible that they are trying to force a legal
judgement on "derivative works" in order to set
a precedent for a future assault on the GPL? Ok,
putting on my little foil conspiracy beanie... Could
they (with MSoft backing) be setting themselves
up to fail in the derivative works argument?

Their concept of owning of a derivitive work has nothing to do either with the GPL and/or copyleft, or even with copyright law. What they are saying, taken to it's logical conclusion, is that a wholy original and seperately produced work (such as SGI Numa or IBM JFS), once it is compiled and used with Unix, even if originally developed elsewhere or for other operating systems first, suddenly, the original authors or companies loose all rights to that said work. Such a notion is clearly perposterous.

WIth the licensing of many analysis tools on the proprietary market (IBM, MATCAD, MS, etc.) costing millions, corporatations are looking more and more frequently to open source software (GPL) to create the tools they need for development. Look at Boeing, Raytheon, and Lockheed....how many of their in-development research projects are being worked with Linux and GPL tools? Gobbs more than the rest of you will ever know as most of the projects have military applications and are thusly classified. Screw SCO! The have a substandard product, and are just blatantly attempting to mug the corporate Linux users. This is exactly the same crap that mobsters did to America in the '30s and it took the judicial branch of the government 70+ years to un-***** the situation.

" In general, the issue is where the boundary lies between derivative works and independent works. All programs run on Unix use a Unix API; do they therefore become derivative works? Presumably not. However, when writing a program that runs on Unix, I might look at Unix source code if I have access to it; does that make my program a derivative work? It seems, from SCO's comments, that it might claim this is so."

So in other words their trying to make Linux programs running under UNIX, they consider UNIX to be a derivative work of Linux ? How else could they have accomplished this task w/o looking at the kernel sources ?

I'd suggest that, rather than having a single vendor or Linux user charity buy up SCO, the best way forwards would be for all the major Linux vendors/supporters to club together to buy up SCO, with contributions weighted by sales. A charity won't get enough subscribers, and any single vendor would be put at a severe disadvantage.

Of course this does have the downside of handing a large amount of money to some parasites, but hey, thats the commercial world. Always has been (look up the James Watt crankshaft patent in Google) and probably always will be, although the law can be changed to reduce it.

the linux kernel is the very same kernel they shipped with caldera, which means their acceptance for whatever was in that kernel, to be made public, implicitly voiding whatever they claim today, retroactive

there is no court in the country to encourage completely un-fonded claims and to spend more than a half an hour with this abomination...

you can not contribute your code to GPL if you are not aware of it. This is part of the GPL.

Where exactly does it say this, and what is the wording? I've read through the whole GPL, (I skimmed some parts, I admit...but only sections which I didn't think would have this in it.) and I can't seem to find it.

So all they have to say/prove is that they did not know what they were selling.

So basically, they have to say they were stupid, and deserve compensation for that fact. I don't know of many CEO's that would admit they were stupid.

I bet you could find a few who would admit to being stupid for a $3B windfall to a $130M company. Even I would, if it weren't for the ethics. I think it's clear that ethical considerations aren't real high on SCO's list.